Article Number: 000200215

DSA-2022-143: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities.

Summary: Dell Wyse Management Suite (WMS) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Medium

Details

Third-Party Component	CVEs	More information
JQuery UI Library	CVE-2021-41184	See NVD for individual scores for each CVE

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2022-29096	Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-29097	Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2022-29096	Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-29097	Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Affected Versions	Updated Versions	Link to Update
Dell Wyse Management Suite	3.6.1 and earlier	3.7	Dell Wyse Management Suite

Product	Affected Versions	Updated Versions	Link to Update
Dell Wyse Management Suite	3.6.1 and earlier	3.7	Dell Wyse Management Suite

Acknowledgements

CVE-2022-29097: Dell Technologies would like to thank bugbounty2k20 for reporting this issue.

Revision History

Revision	Date	Description
1.0	2022-05-31	Initial Release

DSA-2022-143: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities.

Summary: Dell Wyse Management Suite (WMS) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Acknowledgements

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type

Welcome

Welcome to Dell

DSA-2022-143: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities.

Summary: Dell Wyse Management Suite (WMS) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Acknowledgements

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type